GRU indictment accuses 7 Russians in global cyberattacks

Officials in the U.S., Canada, U.K. and the Netherlands formally accused seven officers of Russia’s GRU military intelligence agency of cyberattacks targeting individuals and organizations involved in international anti-doping efforts.

The GRU indictment from the U.S. Department of Justice (DOJ) charged Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Ivan Sergeyevich Yermakov, Artem Andreyevich Malyshev, Dmitriy Sergeyevich Badin, Oleg Mikhaylovich Sotnikov and Alexey Valerevich Minin with computer hacking, wire fraud, aggravated identity theft and money laundering. The DOJ noted that although the Special Counsel investigation did not lead to this GRU indictment, three of the seven men were also named in a previous indictment by Robert Mueller.

The GRU indictment stated that, “in or around December 2014 and continuing until at least May 2018, the conspiracy conducted persistent and sophisticated computer intrusions affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to the Russian government.”

The GRU officers were named as part of the advanced persistent threat group known as “Fancy Bear,” which has previously been labeled as a Kremlin hacking team. The GRU indictment claimed the officers attempted to “draw media attention to the leaks through a proactive outreach campaign,” including exchanging “emails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.”

The GRU indictment alleged the officers attacked the World Anti-Doping Agency (WADA) and nearly 40 other anti-doping agencies or sporting organizations to obtain “non-public, personal health information about athletes.” Assistant Attorney General for National Security John Demers said in a statement that the aim was to leak the athlete data and “undermine those organizations’ efforts to ensure the integrity of the Olympic and other games.”

Jeremy Hunt, foreign secretary for the U.K., called the GRU attacks “reckless and indiscriminate.”

“They try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” Hunt said in a statement. “This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.”

Some experts claimed the GRU indictment may not lead to any real-world impact because some of the officers charged are in Russia and will likely never stand trial. However, Dmitri Alperovitch, co-founder and CTO of CrowdStrike, disagreed with that line of thinking on Twitter.

For people claiming that indictments of foreign nation state cyber operatives won’t have any effects, here is a counterexample. These folks were conducting close-access ops against hard targets requiring travel. They won’t be able to do that anymore… https://t.co/dnbEGDocdD

Phil Neray, vice president of industrial cybersecurity at CyberX, based in Boston, noted that the GRU indictment went beyond the sporting agency attacks.

“Almost buried in the indictment is a description of how the GRU hacked Pittsburgh-based Westinghouse, whose power plant designs are used in about half of the world’s nuclear power plants. One of the motivations for this attack would be to steal sensitive design information about industrial control systems so that Russian threat actors could further compromise critical infrastructure in the West,” Neray wrote via email. “This is pretty sobering, especially when you realize that the GRU is also responsible for unleashing NotPetya on the world, a destructive worm which has been called the most devastating cyberattack in history.”